Rapid7's (RPD -0.69%) stock hit an all-time high of $140.13 per share during the apex of the growth stock rally on Nov. 9, 2021. That represented a whopping 776% gain from its IPO price of $16 in 2015. But in 2022 its stock price plunged 71% as its revenue growth cooled off and rising interest rates deflated its high valuations.
However, Rapid7's stock price has rallied about 24% since the beginning of 2023 as several reports suggested the cybersecurity company could be acquired. In February, Reuters reported that the company had hired Goldman Sachs to explore a potential sale.
In April, Betaville named the private equity firms Thoma Bravo and TPG Capital as its most likely suitors. Earlier this month, The Information claimed Thoma Bravo had tried to buy Rapid7, but that a final price couldn't be agreed upon. TPG also recently agreed to buy Francisco Partners' Forcepoint government cybersecurity unit, which suggests it might not be interested in Rapid7 anymore.
Does the apparent end of that takeover buzz indicate it's too late to buy Rapid7's stock? Let's review its business model, growth rates, and valuations to decide.
What does Rapid7 do?
Rapid7's InsightVM platform provides vulnerability management services, which scan an organization's software infrastructure for potential weaknesses. Its InsightIDR platform bundles together security information and event management (SIEM), endpoint protection, and analytics tools to harden those soft spots. Its InsightAppSec platform is used to test individual applications for security issues.
In other words, Rapid7 takes a more proactive approach to securing a company's infrastructure instead of shoring up its perimeter defenses or responding to active threats. In that regard, Rapid7 is similar to Tenable (TENB 0.57%), which also scans networks for potential vulnerabilities with its Nessus platform, and Qualys (QLYS 0.47%), which does the same thing with its cloud-based services.
These tools are crucial to large businesses, but it's also a saturated market that isn't growing as rapidly as other niches of the cybersecurity sector. According to Research and Markets, the global security and vulnerability management market might only grow at a compound annual growth rate (CAGR) of 7.5% from 2022 to 2030. By comparison, the entire global cybersecurity market could expand at a faster CAGR of 13.8% from 2023 to 2030, according to Fortune Business Insights.
How rapidly has Rapid7 been growing?
Yet Rapid7 is still growing faster than the broader security and vulnerability management market. That's probably because the industry forecasts also include larger and slower-growth tech giants like IBM and AT&T, which both bundle similar vulnerability management services into their cybersecurity ecosystems.
Between 2019 and 2022, Rapid7's revenue actually grew at a CAGR of 28%, its total number of customers rose from 9,022 to 10,929, and its average annual recurring revenue (ARR) per customer climbed from $37,500 to $65,400. Its adjusted gross margins also stayed in the mid-70s as its adjusted operating margins expanded.
Metric |
2019 |
2020 |
2021 |
2022 |
---|---|---|---|---|
Revenue Growth |
34% |
26% |
30% |
28% |
ARR Growth |
35% |
28% |
38% |
19% |
Customer Growth |
16% |
8% |
18% |
6% |
ARR per Customer Growth |
16% |
18% |
17% |
12% |
Adjusted Gross Margin |
75% |
74% |
73% |
73% |
Adjusted Operating Margin |
1% |
0% |
1% |
4% |
But for 2023, Rapid7 only expects its revenue to rise 13%-14%, and for its ARR to grow 14%-16%. Like many of its cybersecurity peers, Rapid7 blamed that slowdown on the impact of macro headwinds on software spending.
On the bright side, it expects its adjusted operating margin to expand to about 8% as it reins in its spending. As a result, analysts expect its adjusted EPS to surge 146% this year. Its adjusted earnings before interest, taxes, depreciation, and amortization (EBITDA) --- which more than doubled in 2022 -- are also expected to rise 69% this year.
So is it too late to buy Rapid7?
Based on its current enterprise value of $3.07 billion, Rapid7 trades at four times this year's sales and 37 times its adjusted EBITDA. Those valuations seem reasonable relative to those of its peers: Tenable trades at 6 times this year's sales and 42 times its adjusted EBITDA, while Qualys trades at 8 times this year's sales and 19 times its adjusted EBITDA. Tenable and Qualys are both expected to grow their revenues at a similar low-teens rate as Rapid7 this year.
It's not exactly too late to invest in Rapid7, but there are more compelling cybersecurity stocks to buy right now. Without a potential takeover on the table, I'd merely keep an eye on Rapid7 instead of aggressively buying it as its growth slows down.